﻿using System;
using System.Web;

using System.Data.SqlClient;
using System.Text;
using System.Security.Cryptography;

namespace IFD2
{
    public partial class ChgPwd : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            lblError.Text = "";

            if (!IsPostBack)
            {
                if (Application["DEBUG"].ToString() != "1" && Request.ServerVariables["HTTPS"] != "on")
                {
                    Response.Redirect("https://" + HttpContext.Current.Request.Url.Host + ":" + Convert.ToInt32(Application["HTTPS_PORT"].ToString()).ToString() + Application["WEB_PATH"].ToString() + "/chg_pwd.aspx");
                    return;
                }

                butChangeP_w_d.Attributes.Add("onclick", "javascript:return confirm('Are you sure?');");
            }
        }

        protected void butChangeP_w_d_Click(object sender, EventArgs e)
        {
            hidNew.Value = hidNew.Value.Trim();
            hidConfirm.Value = hidConfirm.Value.Trim();
            if (hidNew.Value != hidConfirm.Value)
            {
                lblError.Text = "Mismatched!";
                txtNew.Text = "";
                hidNew.Value = "";
                txtConfirm.Text = "";
                hidConfirm.Value = "";
                return;
            }
            if (!Pwd_Strength.Check(hidNew.Value, Session["USER"].ToString()))
            {
                lblError.Text = "Too weak!";
                txtNew.Text = "";
                hidNew.Value = "";
                txtConfirm.Text = "";
                hidConfirm.Value = "";
                return;
            }

            string salt = "";
            Pwd_Strength.GetSalt(60, ref salt);

            string pwd_hash;
            byte[] data = Encoding.ASCII.GetBytes(Session["USER"].ToString()+hidNew.Value+salt);//new byte[20];
            byte[] result;
            SHA256 sha = new SHA256CryptoServiceProvider();
            result = sha.ComputeHash(data);
            pwd_hash = BitConverter.ToString(result).Replace("-", "");
            //pwd_sha1 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPwd.Text, "SHA1");
            //if (Session["CHK_CODE"] == null)//不知为何最开始会丢失Session（偶尔）？
            //{
            //    lblError.Text = "Retry please.";
            //    txtCheckCode.Text = "";
            //    return;
            //}
            //if (txtCheckCode.Text != Session["CHK_CODE"].ToString())
            //{
            //    lblError.Text = "Please input the check code!";
            //    txtCheckCode.Text = "";
            //    return;
            //}
            int ret_code;
            SqlParameter para;
            SqlCommand cmd = new SqlCommand("bll_user_change_password");
            cmd.Parameters.AddWithValue("@user", Session["USER"].ToString());//txtUID.Text);
            //cmd.Parameters.AddWithValue("@old_pwd",txtOldPwd.Text);
            cmd.Parameters.AddWithValue("@new_pwd", pwd_hash);
            cmd.Parameters.AddWithValue("@salt", salt);
            //cmd.Parameters.AddWithValue("@airline", Session["AIRLINE"].ToString());
            para = cmd.Parameters.AddWithValue("@ip_addr", Request.UserHostAddress.ToString());

            try
            {
                ret_code = TinyDAL.Exec(ref cmd);
                if (ret_code == 0)
                {
                    Session["PWD"] = pwd_hash;//用于支付请求签名！
                    lblError.Text = "Done.";
                }
                else if (ret_code == 1)
                    lblError.Text = "Too short!(>=6)";
                else if (ret_code == 3)
                    lblError.Text = "Update failed!";
                else
                    lblError.Text = "Error:" + ret_code.ToString();

            }
            catch (Exception ex)
            {
                if (Application["DEBUG"].ToString() == "1")
                    lblError.Text = ex.Message;
                else
                    lblError.Text = "Unexpected error! Please recheck the input/output data first. If the error appears again, contact adminstrator with your operating details please.";
            }
            txtNew.Text = "";
            hidNew.Value = "";
            txtConfirm.Text = "";
            hidConfirm.Value = "";
        }
    }
}